mintmaker-renovate-image update #19213
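# Builds every kustomization under argo-cd-apps/ and components/, lints the
# rendered manifests with kube-linter, and publishes the findings as SARIF.
name: Check Kubernetes YAMLs with kube-linter

on:
  # Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present kube-linter
  # SARIF reports.
  pull_request:
    branches: [main]
  push:
    branches: [main]

jobs:
  scan:
    # Least privilege instead of `write-all`: this job runs `kustomize build --enable-helm`
    # over content taken from the pull request, so the job token should carry only what the
    # steps below need. `security-events: write` is what upload-sarif requires;
    # `contents: read` serves the checkout, and `actions: read` is additionally needed by
    # upload-sarif in private repositories.
    permissions:
      contents: read
      security-events: write
      actions: read
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # This prepares the directory where github/codeql-action/upload-sarif looks up report files by default.
      - name: Create ../results directory for SARIF report files
        shell: bash
        run: mkdir -p ../results kustomizedfiles

      # NOTE(review): third-party action referenced by a mutable tag; pinning it to a full
      # commit SHA would keep a retagged release from changing what runs here.
      - name: Setup Kustomize
        uses: multani/action-setup-kustomize@v1
        with:
          version: 5.6.0

      # Each kustomization directory is rendered into kustomizedfiles/<dir-with-dashes>-kustomization.yaml.
      # The path is handed to bash as the positional argument $1 (NUL-delimited from find)
      # rather than substituted into the script text, so a directory name containing quotes,
      # whitespace or `$(...)` is treated as data and never parsed as shell syntax.
      - name: Run kustomize build
        run: |
          find argo-cd-apps components -name 'kustomization.yaml' \
            ! -path '*/k-components/*' \
            ! -path 'components/repository-validator/staging/*' \
            ! -path 'components/repository-validator/production/*' \
            ! -path 'components/monitoring/blackbox/staging/*' \
            ! -path 'components/*/chainsaw/*' \
            -print0 |
            xargs -0 -n1 -P8 bash -c 'dir=$(dirname "$1"); output_file=$(printf "%s" "$dir" | tr / -)-kustomization.yaml; if ! log=$(kustomize build --enable-helm "$dir" -o "kustomizedfiles/$output_file" 2>&1); then echo "Error when running kustomize build for $dir: $log" && exit 1; fi' _

      # The action ref on this page was mangled by e-mail obfuscation ("[email protected]");
      # <VERSION> is a placeholder. Restore the tag (or, better, a full commit SHA) from the
      # repository copy of this workflow.
      - name: Scan yaml files with kube-linter
        uses: stackrox/kube-linter-action@<VERSION>
        id: kube-linter-action-scan
        with:
          version: v0.7.6
          # Adjust this directory to the location where your kubernetes resources and helm charts are located.
          directory: kustomizedfiles
          # The following two settings make kube-linter produce scan analysis in SARIF format which would then be
          # made available in GitHub UI via upload-sarif action below.
          format: sarif
          output-file: ../results/kube-linter.sarif

      # Runs even when the scan step fails so that the findings still reach the GitHub UI.
      - name: Upload SARIF report files to GitHub
        uses: github/codeql-action/upload-sarif@v3
        if: always()

      # Keeps the rendered manifests for inspection, only when the kube-linter step itself failed.
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        if: failure() && steps.kube-linter-action-scan.outcome == 'failure'
        with:
          name: kustomize-manifests
          path: kustomizedfiles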